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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
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earned patent term adjustment. See 37 CFR 1 .704(b). 
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closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
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4) ^ Claim(s) U9 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1^9 is/are rejected. 
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DETAILED ACTION 

This action is in response to the papers filed 5/31/2007. Claims 1-9 were 
received for consideration. 

Response to Arguments 

Applicant's arguments with respect to Winneg not disclosing "a multi-user 
system" have been fully considered but they are not persuasive. Winneg clearly 
discloses a multi-user system in column 4 lines 8-18 workstation of a computer lab. 

Applicant's arguments with respect to Winneg not disclosing "automatically using 
a security executable to create a list of authorized operations for said computer user 
when the computer user logs on to the multi-user system" have been fully considered 
but they are not persuasive. Winneg clearly discloses in column 3 line 58 - column 4 
line 3 that the security executable is always running on the computer but only when the 
user invokes an application that needs security. The computer "prior to execution of the 
application, such method and system may terminate any unauthorized processes 
executing (i.e., running) on the computer system, and may configure the application 
such that unauthorized content cannot be accessed, including configuring the 
application such that unauthorized processes cannot be initiated (i.e., launched) by the 
application. Further, such system and method may terminate any unauthorized 
processes detected during execution of the application, and, prior to execution of the 
first application, may disable any functions of the computer system that are capable of 
accessing unauthorized content, including disabling any functions capable of initiating 
processes on the computer system. 
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Claim Rejections - 35 USC § 102 

The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

Claim 1-4 and 6-9 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Winneg et al (US 7,165,269). 

With respect to claim 1 , a process for restricting unauthorized operations by a 
computer user in a multi-user system, comprising the steps of: using a security 
executable to create a list of authorized operations for said computer user when the 
computer user logs on to the multi-user system (see column 18 lines 47-56); attaching a 
hook function to all new processes (see column 12 lines 43-59); employing the hook 
function whenever a new application is started to send a message to the security 
executable (see column 12 lines 43 column 13 line 2), said message including a 
process id and path of the new application (see "SetWindowsHookEx" reference, 
Dietmoday inherent in windows to SetWindowsHookEX function parameter dwThreadID 
); receiving said message from the hook function at the security executable and 
correlating to said list to determine whether the new application is authorized or not (see 
figure 10 and column 19 lines 10-16); answering the message by the security 
executable when the new application is authorized to indicate so (see column 13 lines 
3-20); stopping the new application when the new application is not authorized (see 
column 19 lines 53-57). 
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With respect to claim 2, a software system for restricting unauthorized operations 
by a computer user in a multi-user system, comprising: 

a first program module, comprises is a hook procedure, for automatically 
attaching to all new processes and for querying an ID of each said new process when 
the computer user logs on to the multi-user system (see column 12 lines 43-59); 

a second program module in communication with said first program module, said 
second program module using a security executable to build building a list of allowed 
applications (see column 18 lines 47-56), retrieving retrieve the ID of each new process 
from said first program module (see figure 10 and column 19 lines 10-16), and terminate 
each new process not identified on said list of allowed applications (see column 19 lines 
53-57). 

With respect to claim 3, wherein said first program module is executable in user 
mode (see column 12 lines 43-59). 

With respect to claim 4, wherein said first program module is attached to said 
new processes by tying into the USER32 using the system dynamic link library (see 
column 13 lines 21-29). 

With respect to claim 6, wherein said first program module communicates with 
said second program module by sending a message with the process ID and path of the 
process being examined (see column 12 lines 43 column 13 line 2). 

With respect to claim 7, wherein said second program module communicates 
with said first program module when said process is authorized by answering said 
message with an indication that said process is authorized (see column 13 lines 3-20). 
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With respect to claim 8, wherein said second program module automatically 
terminates said process when not authorized (see column 19 lines 53-57). 

With respect to claim 9, comprising the steps of: using a security executable to 
create and maintain a list of authorized processes and IDs for each computer user when 
the computer logs on to the network (see column 18 lines 47-56); attaching a hook 
function to all new processes (see column 12 lines 43-59); monitoring all new processes 
that are started with the hook function and determining a process ID thereof (see figure 
10 and column 18 line 27 -column 19 line 57); receiving said process ID from the hook 
function by the security executable (see "SetWindowsHookEx" reference, Dietmoday 
inherent in windows to SetWindowsHookEX function parameter dwThreadID ); 
determining whether the process ID of each started process is on said list (see column 
13 lines 3-20); allowing said process to continue when its process ID is on the list (see 
column 13 lines 3-20); terminating said process when its ID is not on the list (see 
column 19 lines 53-57). 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
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shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Devin Almeida whose telephone number is 571-270- 
1018. The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 
6:00 P.M. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron, can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. 

/Devin Almeida/ 
Examiner, Art Unit 2432 
10/01/2008 



/Gilberto Barron Jr/ 

Supervisory Patent Examiner, Art Unit 2432 



